Are Biometrics The Answer?

Biometric authentication looks sexy, but before you start scanning, consider some of its negatives.

Additionally, all biometric devices have specific software and hardware requirements. Check that you can support the device and that the device works with your network software. Also determine if an external power source or USB port is required and available.

Fears and cultural- or religious-based beliefs may work against you as well. Survey your employees to determine how many will accept the idea. And try out the device to determine if your employees can accurately use it.

And, of course, security researchers have found ways to trick biometric devices. Fingerprints can be lifted off a glass surface, even from the fingerprint reader, using graphite powder and a piece of tape or a cube of gelatin. Iris scanners might be fooled with a high-resolution image of the user's eye. To counteract these tricks, newer devices look for "liveness" indicated by pulse or vascular movement.

Setting Thresholds

Biometric devices' acceptable-failure thresholds are based on a FAR (false acceptance rate) and an FRR (false rejection rate). The FAR shows the likelihood of a user being incorrectly accepted; the FRR indicates how likely a biometric device will incorrectly reject a user.